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(54) Title: PROCEDURE FOR ACCESSING A SERVICE IN A DATA COMMUNICATION SYSTEM, AND A DATA COMMUNI- 
CATION SYSTEM 

(57) Abstract 

The invention relates to a procedure and a data communication system in which a service provider gives the user of a service a set 
of exoendable oasswords that the user can use to access the service via a telecommunication and/or data network. The ^system comprises 
u^^nSld^p^ded with means for sending a password at log-on to the service, and a server to which the termma I dev,ce 
sets up a connection and which comprises means for identifying the password and for allowing/denying access to the service on the basis 
of the password supplied. Hie terminal device comprises means for storing a set of passwords and for selecting the right password from 
me stored set of passwords at log-on to a predetermined service to allow automatic addition of the password to a connection setup s,gnal 
to be transmitted from the terminal device to the server. 
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PROCEDURE FOR ACCESSING A SERVICE IN A DATA 
COMMUNICATION SYSTEM, AND A DATA COMMUNICATION SYSTEM 

The present invention relates to a procedure 
as defined in the preamble of claim 1. Moreover, the 
5 invention relates to a system as defined in the pream- 
ble of claim 6. 

Reliable user identification is a prerequi- 
site for the use of many services provided in the gen- 
eral telecommunication network or in other data net- 
10 works. Such services include e.g. bank services. The 
service may involve significant economic effects and 
therefore the service provider wants to ascertain the 
user's identity before making the service available. 

Very often, e.g. in conjunction with bank 
15 services, the user is identified by means of pass- 
words. Usually these passwords are expendable. The 
service provider or an identifying party authorised by 
the service provider has given the user beforehand a 
number of passwords (e.g. four-digit numbers), one of 
2 0 which the customer uses each time he/she needs the 
services. When a list of passwords is about to be ex- 
hausted, the service provider (or a party authorised 
by the service provider) sends the user a new list of 
passwords. Thus, the user always has a sufficient num- 
2 5 ber of passwords for his/her needs in the near future. 

A feature typical of prior-art solutions is 
that the customer has to manually input an expendable 
password when logging on to a server. Often the pass- 
word is entered by pressing the keys of a telephone 
30 set, causing the data to be transmitted to the server 
using tone frequency transmission, so-called DTMF 
(dual tone multi frequency) codes. In addition, there 
are many other methods for transmitting a password, 
such as the short-message service in the GSM network 
35 (GSM, Global System for Mobile Communications; in the 
present description, GSM network refers to any mobile 
communication system based on the GSM specifications) . 
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However, the essential point is that the user has to 
manually input the password him/herself. This is in 
many cases quite difficult for the user. 

Another feature typical of prior- art solu- 
5 tions is that the service provider must send a new set 
of passwords by using a rather unreliable transmission 
mechanism. The most commonly used method is to send 
them by mail. The problem is that the letter contain- 
ing the passwords may end up in the wrong hands. 
10 The object of the present invention is to 

eliminate the problems described above. 

A specific object of the present invention is 
to disclose a completely new type of procedure and 
system for transmitting passwords between a user's 
15 telephone apparatus and a server. 

A further object of the invention is to fa- 
cilitate the use of services requiring passwords by 
reducing the number of routines necessitating user in- 
teraction in conjunction with the use of the services 
2 0 without making any compromises in regard of safety of 

the services. 

The procedure of the invention is character- 
ised by what is presented in claim 1. The system of 
the invention is characterised by what is presented in 
25 claim 6. 

In the procedure of the invention for access- 
ing a service in a data communication system, in which 
the service provider gives the user of a service a 
number of expendable passwords by means of which the 
30 user can access the service via a telecommunication 
and/or data network, a connection is set up from a 
terminal device to a server and a password is sent at 
log-on to the service, the password is identified and 
access to the service is allowed and/or denied based 
3 5 on the password supplied. 

According to the invention, in the procedure, 
a set of passwords are stored in the terminal device, 
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the right password is selected from the stored set of 
passwords at log-on to a predetermined service, and 
the password is automatically added to a connection 
setup signal to be transmitted from the terminal de- 
5 vice to the server. 

Correspondingly, in the system of the inven- 
tion, the terminal device comprises means for storing 
a set of passwords and selecting the right password 
from the stored set of passwords at log-on to a prede- 

10 termined service to allow automatic addition of the 
password to a connection setup signal to be transmit- 
ted from the terminal device to the server. 

The invention has the advantage that it dis- 
closes a completely new type of mechanism for the 

15 transmission of passwords between a user's telephone 
apparatus and a server. A further advantage of the in- 
vention is that it facilitates the use of services re- 
quiring passwords by reducing the number of routines 
necessitating user interaction in conjunction with the 

20 use of the services. This is done without any compro- 
mises regarding the safety of the services. 

In an embodiment of the procedure, the used 
ones of the passwords in a set of passwords are regis- 
tered. 

2 5 In an embodiment of the procedure, the set of 

passwords in the terminal device is updated from the 
server via the telecommunication and/or data network. 

In an embodiment of the procedure, an order 
for a new set of passwords is automatically sent to 

3 0 the server once the previous set of passwords has been 

exhausted. 

In an embodiment of the procedure, several 
sets of passwords corresponding to different services 
are stored in the terminal device, and in connection 
3 5 setup the set of passwords corresponding to the serv- 
ice to be accessed in each case is selected. 
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in an embodiment of the system, the terminal 
device comprises means for registering the used ones 
of the passwords in a set of passwords. 

in an embodiment of the system, the server 
5 comprises means for updating the set of passwords in 
the terminal device via a telecommunication and/or 
data network, and the terminal device comprises means 
for receiving a set of passwords. 

in an embodiment of the system, the terminal 
10 device comprises means for automatic ordering of a new 
S et of passwords from the server after the previous 
set of passwords has been exhausted. 

in an embodiment of the system, the terminal 
device comprises means for storing several sets of 
15 passwords corresponding to different services. 

In an embodiment of the system, the terminal 
device comprises means for selecting the set of pass- 
words corresponding to the service to be used in each 



20 



25 



esse 

In an embodiment of the system, the data com- 
munication system comprises a wired network and the 
terminal device is a telecommunication terminal, such 
as a telephone, in the wired network. 

in an embodiment of the system, the data com- 
munication system comprises a mobile communication 
network, such as a GSM network, and the terminal de- 
vice is a mobile station, such as a GSM telephone. 

in an embodiment of the system, the terminal 
device is a GSM telephone, and the means for using 
said password management functions are disposed in a 
subscriber identity module, such as a SIM card. 

In an embodiment of the system, in the con- 
nection setup between the subscriber identity module 
and the server, the transmission of passwords is ef- 
35 fected by making use of the called subscriber number. 

In an embodiment of the system, the software 
means of the subscriber identity module are designed 
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to identify the service on the basis of its identifier 
data, such as the telephone number, and to add a num- 
ber of additional digits forming a password to the end 
of the telephone number of the service during call 
5 setup. 

In an embodiment of the system, the sub- 
scriber identity module is provided with a service di- 
rectory containing information specifying the serv- 
ices, the service identifier data and the names of the 
10 password files to be- used in conjunction with the 
services . 

In an embodiment of the system, the service 
directory is provided with a pointer for each service, 
which pointer has been arranged to point to the first 
15 unused password in the set of passwords and, after the 
password has been used, to move on to point to the 
next unused password in sequence. 

In an embodiment of the system, the means for 
ordering new passwords and transmitting them between 

2 0 the server and the subscriber identity module comprise 

the short-message service (SMS-PP service) of the GSM 
network. 

In the following, the invention will be de- 
scribed in detail by the aid of an application exam- 
25 pie. 

The invention is based on providing the tele- 
phone apparatus with an extra module (physical or 
logical) allowing a functionality which creates addi- 
tional signals in the communication between the tele- 

3 0 phone apparatus and the server in conjunction with a 

connection setup related to a service and/or addi- 
tional fields and/or components or equivalent in the 
communication between the telephone apparatus and the 
server, the expendable password being transmitted in 
35 these additional signals/fields/components. This is 
done automatically without the user becoming aware of 
it. The module registers the passwords used each time 
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and therefore always knows which is the correct pass- 
word to be used at log-on. The user will find this 
type of services easier to use, but in respect of data 
security they are of the same level with services in 
5 which the user must input the passwords him/herself. 
The extra module is also able to receive new passwords 
from the server and it can even order new passwords 
when necessary. 

The extra module in the telephone apparatus 

10 may support simultaneous services requiring expendable 
passwords. For this purpose, the extra module contains 
a directory of services supported (in short, a service 
directory) , which is used to identify a service re- 
quiring expendable passwords and to find the correct 

15 list of passwords and also to find the correct posi- 
tion in the list. 

The best embodiment of the invention is a mo- 
bile station, such as a GSM telephone, whose sub- 
scriber identity module contains an application that 

20 uses SIM Application Toolkit commands to accomplish 
the extra functionality described above. The password 
transmission mechanism used in conjunction with the 
setup of a service connection between the SIM card and 
the server consists of the use of the called sub- 

25 scriber number, i.e. the so-called B-identif ier . The 
application on the SIM card uses the "Call Control by 
SIM * command as defined in the TS GSM 11.14 specifica- 
tion, and in practice the application processes each 
called subscriber number, in other words, it compares 

30 the called subscriber number with the numbers stored 
in the service directory, and when it detects that the 
call is addressed to one of the stored numbers, it ap- 
pends to the end of the telephone number a required 
number of additional digits in which the expendable 

35 password is encoded. For example, when the user is 
making a call to the number 0800-XYZ-123456 , the ap- 
plication on the SIM card will change the number to 
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15 



the form 0300-XYZ-123456-KLMN. The last four digits 
(KLMN) of the modified number are the expendable pass- 
word added by the SIM card. 

The service directory may be implemented as a 
special file on the SIM card. The special file con- 
tains information specifying the services supported, 
their identifier data and the names of the password 
files to be used in conjunction with the services. 
Moreover, for each service, the service directory con- 
tains a pointer that points to the current position in 
the list of passwords. Table 1 presents an example of 
the information elements contained in the special 

fllS ' For example, service 1 is identified from the 
fact that the user is calling the number 0800123. The 
application knows that it has- to append to the end of 
the number an expendable password, which is found in 
the file 2FF5. In this instance, the password to be 
used is the thirteenth one in this file. 



20 



service 
identifier 

1 
2 
3 



Method 


Identifiers 


Name of 


Pointer 


Total 




associated 


password 




number of 




with method 


file 




passwords 


BID 


0800123 


2FF5 


13 


100 


BID 


0800456 


2FF4 


11 


100 


SMS 


SMSC:+02 


2FF6 


2 


9 




0202800 










BID: 8756 








Table 


1 . Service 


directory 


as used 


in an em 


of the 


invention . 









25 The server in the public telecommunication 

network receives the expendable password in the sig- 
nalling in the telephone network. The server takes the 
last four digits of the B- identifier and assumes that 
they constitute an expendable password. The server 
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Hable password thus obtained with 
compares the expendable pa ^ passwor d. 

its own information as ^ pre8ent . 

This is done by -^^res the use of a user 
If the service requ service directory 

5 name at log-on to the servic^, ^ ^ The 
raay contain stored user connect ion setup sig- 

ner name can be append ed to ^ 

nal in the same way as t* P ^ passwords betwe en 

For the transmission ^ ^ inventio n on the 
10 the server and the chft SMS . PP service of 

SIM card, it is possible to ^ ^ ^ for 

tbe GSM network. If the Sffl ^ ^ SMS . pp/MO 

new passwords, thxs is ^ ^ ^ passwords are 
(Mobile Originated) servx ^ sms/P p-MT serv- 

15 transmitted to the SIM car 

i ce - . a - Mtv of the application is di- 

vided between three bloc s. ^ ^ ^ expend _ 

pending block, recognise* ^ ^ password 

20 able password and sen ds , a ^ ^ blQck has 

to a password search bl ° c *. appending block appends 
found the right password, the^PP ^ ^ fi _ 

the expendable password i further from 

identifier and allows the call P 
25 the telephone apparatus . ^ invention , a 

In the best •^^ orta comple tely inde- 
bl ock for adding new password ^ it moni - 

pendently of the other bloc* ^ with TS 

tors the SMS Data ^ 1 ° ad ec t eived by the SIM card and 
30 GSM 11-14 version 5- 1 ' 0 pass words on the card, 

detects the ^ passwords stores the new 

Th e block for * I pata Download meS sage to 

passwords received m tn ^ ^ makes an 

a suitable special file on^ direct ory so that 

35 appropriate addition to ^ ^ ^ ^ pass . 

the search block will be b£ & combination 

WO rds. This new password file 
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a passwords of the previ- 
that contains the ^ ™£ £ passwords re- 
ous file and the completely 

ceived. restricted to the appli- 

The invention « no varia tions 

are P° bi3 

defined by the claims. 
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CLAIMS „o«sinq a service in. a 

Pr oced»« fox - che uset o£ the 

data eo-unicatio,. ^ ^e passwords that 

se "i=e is 9iv« . =« »' ™ servlce v i. a tel.co»- 

, "7 user can us, to ^ i„ which procedure 

server ana * f identified ana 

ice the password ib ^ ^ pasSV , or d sup 

1 ' . , i S allowed/denied based. 
x0 service x. . • g r . s e d xn that ^ 

Pli6d ' C a "set of P-swords is stored mt 

v a froTt\ the 

the '"^U^" Udeter»ined 

tared set ot jaw™** * C 

nection setup signal to 

. ^ the server. - c har- 

nal device to tne * ^fined in claim l, 

- Tt-T - -d one, of the passwords 

y:^"p-^-^^ claim X or a 
3 . Procedure as defx ^ pasSWords xn 

r t e r i b e d in that the . e serve r via the 
characters date d from the serv 

25 the terminal dene b P 

tel ecommunication and/o . n any one of cia 

4 . procedure as ****** ^ order fo r a 

, characterised fco the 

30 server once the P 

exhausted. ^fined in any one 

s . Procedure as define ^ gets of 

x . 4, character xse ferent services are 

passwords corresponding ~ \^ d . ring connection 
35 Stored in the cor respondin g to the serv 

setup, the set of pass ^ 
ice to be accessed m each 
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rat ion system in which the 
6 . D ata cfl*n l « tlon y rf expe ndable pass- 
user of a service is 9^ * servi ce via 
words that the user ^ network , sai d system 
a telecommunication and/or 

s comprising , dev ice provided with 

. a user's term to the service, 

mea ns for sending ^^ h \ he terminal device sets 
- a serVer " 8 ervr comprising means for 
up a connection, said se allowing /denying ac- 

10 identifying the P-^^asis of the password sup- 
cess to the service on the ^ ^ termnal 
plied, c h a r a c t e r i s e ^ ^ ^ passwords 
Lice comprises £rd from the stored set 
and electing the right etermine d service to 
15 of passwords at log-on to P word to a connec- 
15 all o P w automatic ^J^Ld fro. the terminal 
tion setup signal to be 

device to the server. claim 6< c h a r - 

7 . system as defined comprises 
c t e r i s e d in that the termi^ d ^ 
20 L registering the used ones 

means for regi 

iB the set of passwords. claim 6 

3. system as def .me ^ comprises 
characterised in ^ ±n the te rmi- 

25 means for updating ^ j£^* a tioa and/or data nef 
^ "TJi: tt: te^nal device comprises means for 

re'ivln: TL - in any one of claims . - 

9 . system as defined i terminal device 

30 8 characterised int^ fanews£tof 

30 comprises means for the previous set of 
DassW ords from the server 

"passwords has been in any one of claims 6 

10. System as ^ the te rminal de- 

» " 9 ' C h 3 r a leanVfor 3 Coring several sets of pass- 
vice comprises means services, 
words corresponding to differen 
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^ defined in claim 10, char - 
11 • SySte \ h at IT terminal device comprises 
a c t e r i s e d xn that t *e ^ corresponding 

mea ns for selecting the set o ^ P 

to t he service to he used - £ _ q£ claims 6 

12 . System as defxne ^ ^ ^ conBBi . 
-11, c h a r a c t . r x - e ^ ^ ^ ter . 

—ion system ^^ nication terminal, such as 

iTeL:::::: * *. ^ any one of ^ * 

iQ 13. System as defxn _^ ^ ^ ^ comnu . 

- 12, characterise coraBIun ±catioii net- 

work, such as a telephone, 
is a mobile static in any one of claims 

14 . System as defxn ^ de - 

13f c h a r a c t e r x s e d x f<>r using 

vi ce is a GSM telephone ^ _ disposed in a 
said password mana gement funct ^ ^ 

sub scriber identity ^ claim 14, c h a r - 

«■ SyStem t lt : the connection setup be- 
a c t e r i s e d xn ^ ^ ^ ^ , 

« the subscriber identxty efort&d by makxng 

„. system as defin f 
c h . r . c t e X x = « * "J* designed to iden- 

th . subscriber identity module identi£ie . data, 

tify the service on the basis ^ ^ 

such .s the «l=Ph=ne nu*e r an ^ ^ ^ oJ 

30 of addition,! digits ^JJice during call setup^ 
the telephone number o£ the ^ of clal „ s 13 

17 . system as defied ^ ^ 3ubs criber 
. 16 , characterise ^ alI ectory 

identity module is provld :* «th ^ 
35 staining L- of the password 
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18. System as defined in claim 17, char- 
acterised in that the service directory is pro- 
vided with a pointer for each service, which pointer 
has been arranged to point to the first unused pass- 

5 word in the set of passwords and, after this password 
has been used, to move on to point to the next unused 
password in sequence. 

19. System as defined in any one of claims 13 
- 18, characterised in that the means for 

10 ordering new passwords and transmitting them between 
the server and the subscriber identity module comprise 
the short-message service (SMS-PP service) of the GSM 
network. 
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